Re: Rules to blocking MS-Messenger

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Those are the rules I use :

Try to include them in your script ....

# Block MSN
#/sbin/ipchains -A forward -s $all -d www.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d gfx.law9.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d gfx.pav1.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d loginnet.passport.com -j DENY
#/sbin/ipchains -A forward -s $all -d www.pav0.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d email.msn.com -j DENY
#/sbin/ipchains -A forward -s $all -d gateway.messenger.hotmail.com -j DENY
#/sbin/ipchains -A forward -s $all -d mail.yahoo.com -j DENY

Just try to ajust them to your needs.... The big key for msn is the 7th line !

Good luck

At 15:45 03/06/2003 +0200, you wrote:
Well, ok, the best way is block all ms sites ;-D


On Tue, 2003-06-03 at 14:39, Bruno Gimenes Pereti wrote:
> Hi Sergio,
>
> Paranoic protection is not the solution, MSN Messager connects to port 80
> when it can´t find port 1863. tcpdump is the best way to discover this but I
> think it´s easier to use netstat from the client host.
> You will have to block a lot of server from Microsoft (at least port 80).
> These is my rules from iptables to block one host (10.1.0.10).
>
> -A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 --dport 1863 -j DROP
> -A FORWARD -i eth2 -p tcp -m tcp -s 10.1.0.10 -d 207.46.110.0/24 -j DROP
>
> in ipchains you will get something like this:
>
> -A forward -p tcp -d 0/0 1863 -j DENY
> -A forward -p tcp -d 207.46.110.0/24 80 -j DENY
>
> Sometime ago I couldn´t open www.microsoft.com.br using this rules because
> those servers used to be the one who redirect www.microsoft.com.br to
> www.microsoft.com/brasil, but today I didn´t got this problem.
>
> Good luck.
> Bruno Pereti.
>
> PS. Your english is not worst than mine. :^)
>
>
> > > Hi friends,
> > >
> > > I am having problem for blocking ms-messenger.
> > >
> > > My firewall this based in packets filter and the policy
> > > input/output/forward is ACCEPT.
> > >
> > > Already the following politics in firewall is implemented in the top
> > > rules:
> > >
> > > ipchains -A input -p tcp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A input -p tcp -d any/0 --destination-port 1864 -j DENY
> > > ipchains -A forward -p tcp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A forward -p tcp -d any/0 --destination-port 1864 -j DENY
> > > ipchains -A output -p tcp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A output -p tcp -d any/0 --destination-port 1864 -j DENY
> > >
> > > ipchains -A input -p udp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A input -p udp -d any/0 --destination-port 1864 -j DENY
> > > ipchains -A forward -p udp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A forward -p udp -d any/0 --destination-port 1864 -j DENY
> > > ipchains -A output -p udp -d any/0 --destination-port 1863 -j DENY
> > > ipchains -A output -p udp -d any/0 --destination-port 1864 -j DENY
> > >
> > > However, these politics are not having validity, therefore my users are
> > > obtaining to use this program.
> > >
> > > Somebody as some tip of as to block this software?
> > >
> > > Thanks a lot!
> > >
> > > Best regards.
> > >
> > > P.S.: Plese, it forgives for the horrible english. :-)
> > >
> > > --
> > > ===================================
> > > Sergio A. Lima Junior
> > > Analista de Suporte
> > > ===================================
> > > Servico de Atendimento ao Cliente
> > > Depto. de Suporte
> > > Gruponet Tecnologia
> > > sergio@xxxxxxxxxxxxxxx
> > > http://www.gruponet.com.br
> > > ===================================
>
> ------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
> with "unsubscribe" in the subject of the message.
--
-------------------------------------------------------------------
| Andreu Sánchez Costa - Dep. Gestió de Sistemes - sistemes@xxxxxx |
| Tel: +34973234106 - http://www.iws.es/ - Internet Web Serveis |
| Fingerprint = 3ADA 69EF 4E84 DEC8 D219 6863 83F0 513E 06AE 46D1 |
| GnuPG key: 06AE46D1 ( pgp.mit.edu - www.keyserver.net ) |
-------------------------------------------------------------------

------------------------------------------------------- Eric Daigneault Administrateur de systèmes Vacances Air Canada ------------------------------------------------------- courriel : edaigneault@xxxxxxxx téléphone : (514) 876-0707 ext 3247 -------------------------------------------------------

------------------------------------------------------------------------
    To unsubscribe email security-discuss-request@xxxxxxxxxxxxxxxxx
        with "unsubscribe" in the subject of the message.



[Index of Archives]     [Fedora Announce]     [Linux Crypto]     [Kernel]     [Netfilter]     [Bugtraq]     [USB]     [Fedora Security]

  Powered by Linux